Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | $ ceph-authtool |
2 | ceph-authtool: must specify filename | |
3 | usage: ceph-authtool keyringfile [OPTIONS]... | |
4 | where the options are: | |
5 | -l, --list will list all keys and capabilities present in | |
6 | the keyring | |
7 | -p, --print-key will print an encoded key for the specified | |
8 | entityname. This is suitable for the | |
9 | 'mount -o secret=..' argument | |
10 | -C, --create-keyring will create a new keyring, overwriting any | |
11 | existing keyringfile | |
12 | -g, --gen-key will generate a new secret key for the | |
13 | specified entityname | |
14 | --gen-print-key will generate a new secret key without set it | |
15 | to the keyringfile, prints the secret to stdout | |
16 | --import-keyring FILE will import the content of a given keyring | |
17 | into the keyringfile | |
18 | -n NAME, --name NAME specify entityname to operate on | |
19 | -u AUID, --set-uid AUID sets the auid (authenticated user id) for the | |
20 | specified entityname | |
21 | -a BASE64, --add-key BASE64 will add an encoded key to the keyring | |
22 | --cap SUBSYSTEM CAPABILITY will set the capability for given subsystem | |
23 | --caps CAPSFILE will set all of capabilities associated with a | |
24 | given key, for all subsystems | |
94b18763 FG |
25 | --mode MODE will set the desired file mode to the keyring |
26 | e.g: '0644', defaults to '0600' | |
7c673cae FG |
27 | [1] |
28 | ||
29 | # demonstrate that manpage examples fail without config | |
30 | # TODO fix the manpage | |
31 | $ ceph-authtool --create-keyring --name client.foo --gen-key keyring | |
32 | creating keyring | |
33 | ||
34 | # work around the above | |
35 | $ touch ceph.conf | |
36 | ||
37 | To create a new keyring containing a key for client.foo: | |
38 | ||
39 | $ ceph-authtool --create-keyring --id foo --gen-key keyring | |
40 | creating keyring | |
41 | ||
42 | $ ceph-authtool --create-keyring --name client.foo --gen-key keyring | |
43 | creating keyring | |
44 | ||
45 | To associate some capabilities with the key (namely, the ability to mount a Ceph filesystem): | |
46 | ||
47 | $ ceph-authtool -n client.foo --cap mds 'allow' --cap osd 'allow rw pool=data' --cap mon 'allow r' keyring | |
48 | ||
49 | To display the contents of the keyring: | |
50 | ||
51 | $ ceph-authtool -l keyring | |
52 | [client.foo] | |
53 | \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re) | |
54 | \tcaps mds = "allow" (esc) | |
55 | \tcaps mon = "allow r" (esc) | |
56 | \tcaps osd = "allow rw pool=data" (esc) |
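
The listing format shown by `ceph-authtool -l` above can be checked mechanically when reviewing which capabilities each entity holds. The following Python is an added example, not part of the Ceph test file: it parses that layout, flags grants under a hypothetical review policy, and checks a keyring file against the `0600` default mode from the usage text. The `client.bar` entry, the placeholder keys and the policy rules are assumptions constructed for illustration.

```python
import os
import re
import stat

# Constructed sample in the layout `ceph-authtool -l` prints; keys are placeholders.
SAMPLE = (
    "[client.foo]\n"
    "\tkey = PLACEHOLDERKEYNOTREAL0000000000000000000==\n"
    '\tcaps mds = "allow"\n'
    '\tcaps mon = "allow r"\n'
    '\tcaps osd = "allow rw pool=data"\n'
    "[client.bar]\n"
    "\tkey = PLACEHOLDERKEYNOTREAL1111111111111111111==\n"
    '\tcaps mon = "allow *"\n'
    '\tcaps osd = "allow rw"\n'
)

SECTION = re.compile(r"^\[(?P<entity>[^\]]+)\]$")
CAP = re.compile(r'^caps\s+(?P<subsys>\S+)\s*=\s*"(?P<cap>[^"]*)"$')

def parse_caps(text):
    """Return {entity: {subsystem: capability}} from keyring listing text."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = entries.setdefault(m.group("entity"), {})
            continue
        m = CAP.match(line)
        if m and current is not None:  # ignore cap lines before any section
            current[m.group("subsys")] = m.group("cap")
    return entries

def audit_caps(entries):
    """Flag wildcard grants and OSD grants with no pool scope (hypothetical policy)."""
    findings = []
    for entity, caps in sorted(entries.items()):
        for subsys, cap in sorted(caps.items()):
            if "*" in cap:
                findings.append((entity, subsys, "wildcard grant"))
            elif subsys == "osd" and "pool=" not in cap:
                findings.append((entity, subsys, "not scoped to a pool"))
    return findings

def mode_too_open(path):
    """True if group or other has any access, i.e. looser than the 0600 default."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)
```
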